生成加密安全令牌 [英] Generating cryptographically secure tokens
本文介绍了生成加密安全令牌的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
为了生成一个32个字符的令牌来访问我们的API,我们目前使用:
In order to generate a 32 character token for access to our API we currently use:
$token = md5(uniqid(mt_rand(), true));
我已经了解到,此方法基于系统时钟,因此不是加密安全的方法,并且openssl_random_pseudo_bytes
将是更好的解决方案,因为它更难预测.
I have read that this method is not cryptographically secure as it's based on the system clock, and that openssl_random_pseudo_bytes
would be a better solution as it would be harder to predict.
如果是这种情况,等效代码是什么样的?
If this is the case, what would the equivalent code look like?
我猜是这样的,但是我不知道这是对的...
I presume something like this, but I don't know if this is right...
$token = md5(openssl_random_pseudo_bytes(32));
我应该传递给函数的长度是多少?
Also what length makes sense that I should pass to the function?
推荐答案
这是正确的解决方案:
$token = bin2hex(openssl_random_pseudo_bytes(16));
# or in php7
$token = bin2hex(random_bytes(16));
这篇关于生成加密安全令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文